Wireshark-users: Re: [Wireshark-users] Display filters for application protocols
From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 8 Mar 2011 20:16:47 +0100
On 8 mrt 2011, at 20:06, Sake Blok wrote:

> On 8 mrt 2011, at 19:43, Lukáš Oliva wrote:
> 
>> actually this is what I somehow expected. Is there a way how to filter
>> out just the packets I want? Like: filter out all frames containing
>> LIR message but display only LIR messages?
> 
> I think you can do it with:
> 
> diameter.cmd.code==302 and not diameter.cmd.code!=302

Hmmm... not sure I read your message right. My filter will give you all packets that only contain diameter commands with code 302, but it will not show the packets where a diameter code 302 is present together with another diameter command not having code 302

Capture filters and Display filters select packets, but they do not splice packets to show you only specific parts of the packet (as Jeff & Guy also pointed out).

Cheers,

Sake